Tirify shared design system

UI Kit

Tirify shared design system — tokens, UI primitives, rules. Consumed by tirify-admin (Next 16) and tirify-frontend-common-panel (Vite).

Package
@tirify/ui-kit

Version 0.1.3

Tokens
@tirify/design-tokens

Version 0.1.1

Build
npm workspaces

Generated 2026-07-12T12:40:08.021Z

tirify-ui-kit

Shared design system for the Tirify frontends. npm-workspaces monorepo,

published to the GitLab Package Registry under the `@tirify` scope.

Consumers:

Packages

Commands


npm install            # link workspaces

npm run build          # build all packages

npm run check          # verify generated output is not stale (CI gate)

Docs

Per-package: [design-tokens](packages/design-tokens/AGENTS.md), [ui-kit](packages/ui-kit/AGENTS.md).

CI/CD и ArgoCD деплой

Текущий production-like технический деплой UI kit — это статический snapshot документации и build-артефактов пакетов, обслуживаемый nginx в k3s.

URL

Pipeline

GitLab CI запускается на `main` и выполняет:

1. `validate`:

- `npm ci --no-audit --no-fund`

- `npm run build`

- `npm run check`

- `npm run typecheck`

- `npm run build:static`

2. `build_image`:

- собирает Docker image через Kaniko;

- пушит в Harbor:

- `harbor-ecosys.tirify.com/tirify-frontend/tirify-ui-kit:<branch>-latest`

- `harbor-ecosys.tirify.com/tirify-frontend/tirify-ui-kit:<branch>-<sha>`

3. `deploy_gitops`:

- обновляет image tag в `tirify-gitops/deployment`;

- ArgoCD синхронизирует `tirify-ui-kit-prod`.

GitOps

Package Registry

Публикация npm-пакетов выполняется только на git tag job `publish_packages`:

Обычный push в `main` только валидирует пакеты и деплоит статический snapshot в k3s.

GitLab Package Registry

Publishing & consuming via GitLab Package Registry

How it differs from a plain git repo

A **git repo** stores source code; you `git clone` it and get files. A **package

registry** stores *published, versioned build artifacts* (npm tarballs) addressed by

`name@version`. Consumers never clone `tirify-ui-kit` — they run

`npm install @tirify/design-tokens@^0.1.0` and npm downloads the tarball you published.

So there are two separate things:

uploads tarballs and where `npm install` resolves the `@tirify` scope.

Each published version is **immutable** — you can't overwrite `0.1.0`; you bump to

`0.1.1`. That's the whole point: consumers pin a version and it never changes under them.

Endpoints

Current Tirify GitLab project:

Generic GitLab npm endpoints:

**You always publish to a _project_ endpoint.** For this repo, the publish endpoint is already pinned in each package `publishConfig`.

Auth tokens

`.npmrc` auth reads an env var — never commit a real token.

**Cross-project CI gotcha:** when the `tirify-admin` pipeline installs `@tirify/*`

using its own `CI_JOB_TOKEN`, `tirify-ui-kit` must allow it: tirify-ui-kit → Settings →

CI/CD → **Job token permissions** → add the consuming projects to the allowlist.

Simpler alternative for consumers: a **group Deploy Token** with `read_package_registry`.

Publishing (this repo)

1. `publishConfig` is already set in each publishable package to the project registry `https://git-ecosys.tirify.com/api/v4/projects/242/packages/npm/`.

2. CI creates `.npmrc` dynamically and uses `CI_JOB_TOKEN`; local publishing should use `GITLAB_NPM_TOKEN`/deploy token, never a committed token.

3. Bump package versions, build, and publish either by creating a git tag (preferred CI path) or manually:

```bash

npm run build

npm publish -w @tirify/design-tokens

npm publish -w @tirify/ui-kit

```

CI publish job (`.gitlab-ci.yml`)


publish_packages:

  stage: publish

  image: node:22-alpine

  rules:

    - if: '$CI_COMMIT_TAG'          # publish only on a git tag

  script:

    - npm ci --no-audit --no-fund

    - npm run build

    - export NPM_AUTH_TOKEN="${NPM_PUBLISH_TOKEN:-$CI_JOB_TOKEN}"

    - |

      cat > .npmrc <<EOF

      legacy-peer-deps=true

      @tirify:registry=${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/npm/

      //${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=${NPM_AUTH_TOKEN}

      EOF

    - npm publish -w @tirify/design-tokens

    - npm publish -w @tirify/ui-kit

Consuming (in tirify-admin / common-panel)

Add an `.npmrc` at each consumer repo root:


@tirify:registry=https://git-ecosys.tirify.com/api/v4/projects/242/packages/npm/

//git-ecosys.tirify.com/api/v4/projects/242/packages/npm/:_authToken=${GITLAB_NPM_TOKEN}

Then it's an ordinary dependency:


npm install @tirify/design-tokens


// package.json

"dependencies": { "@tirify/design-tokens": "^0.1.0" }

In CI, replace the auth line's token with `${CI_JOB_TOKEN}` (after allowlisting) or

a group deploy token, generated the same way as in the publish job above.

Local development without publishing

While iterating you don't want to publish on every change. Use `npm link` or a

`file:` dependency to point a consumer at your local checkout:


# from a consumer repo:

npm install file:../tirify-ui-kit/packages/design-tokens

# or:  npm link @tirify/design-tokens   (after `npm link` inside the package)

Switch back to the `^0.1.0` registry version before committing the consumer.